After installation, DNE is initially disabled by default (per licensing requirements). Installation does not depend on whether DNE is enabled or not.


  • To enable DNE using REST API.

    POST /api/v1/network-encryption/status?action=update_status&status=ENABLE&context=ALL

  • To disable DNE using REST API.
    1. Do a GET API call.

      GET /api/v1/network-encryption/status

    2. From the GET results, issue a POST command with the changed data.

      POST /api/v1/network-encryption/status?action=update_status&status=DISABLE&context=ALL

      DNE immediately suspends all policy enforcement operations which includes authentication and encryption. While disabled, existing policy configurations are not enforced. The policy configurations are not deleted to let you can enable them when needed.

What to do next

You can enable or disable DNE after you install using either the NSX Manager console. See "Manage DNE Settings" in the NSX-T Administration Guide.